Description
In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured with both QNAME minimization and 'forward first' then an attacker who can send queries to it may be able to trigger the condition that will cause the server to crash. Servers that 'forward only' are not affected.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Affected products
- ISC / BIND99.14.0 – *
References
- MISChttps://kb.isc.org/docs/cve-2020-8621
- MISChttps://security.netapp.com/advisory/ntap-20200827-0003/
- VENDOR_ADVISORYhttps://usn.ubuntu.com/4468-1/
- MISChttps://security.gentoo.org/glsa/202008-19
- MISChttps://www.synology.com/security/advisory/Synology_SA_20_19
- MAILING_LISThttp://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html
- MAILING_LISThttp://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html